WoW Players Targeted By Windows Flaw Exploit

← Back to Stories (view on slashdot.org)

WoW Players Targeted By Windows Flaw Exploit

Posted by Zonk on Thursday April 5, 2007 @01:30AM from the keep-your-cursors-peeled dept.

grimwell writes "The BBC is carrying the story that the ANI flaw is being used to target World of Warcraft players, as hackers search for account details. 'Analysis of that malicious software showed that it lay dormant on a victims machine until they ran World of Warcraft (WoW) at which point it captured login data and sent it to the hacking group ... Research by security firm Symantec suggests that the raw value of a WoW account is now higher than a credit card and its associated verification data.'" Doubtless, any compromised accounts would quickly see their equipment sold, and the resulting gold transferred to another account. This gold would then be sold for US currency to Real Money Traders like the company IGE.

24 of 130 comments (clear)

Min score:

Reason:

Sort:

A cold day in Hell.. by zyl0x · 2007-04-05 01:38 · Score: 4, Interesting

World of Warcraft is considered a better target for theft than a credit card. What kind of nerds are running those crime syndicates these days? Maybe if Blizzard came down on more of these gold-selling, account-selling, and item-selling service providers, this kind of nonsense wouldn't even be an issue.

--
Blerg.
1. Re:A cold day in Hell.. by Planesdragon · 2007-04-05 01:46 · Score: 2, Informative
  
  And even if they could, on what grounds could you charge any of those places with a crime?
  
  Fraud and unlawful computer access, to start. Racketeering too, and possibly money laundering or false advertising.
2. Re:A cold day in Hell.. by faloi · 2007-04-05 01:47 · Score: 2, Insightful
  
  It probably is a better target, or at least safer. There's nothing illegal (AFAIK) about selling accounts and gold, and I imagine it'd be tough to prove who actually stole the account. The worst thing most people who engage in this behavior have to look forward to is an account suspension, whether you're buying or selling.
  
  --
  "It is a miracle that curiosity survives formal education." -Albert Einstein
3. Re:A cold day in Hell.. by Aladrin · 2007-04-05 01:47 · Score: 5, Insightful
  
  What hole have you been hiding in? Anything that happens on Blizzard's servers is THEIR property. They can do whatever they like with it. By 'come down on' he means 'ban accounts'. If these 'gold-selling, account-selling, and item-selling service providers' lose more money than they make, they'll have to give up. It takes time and effort to amass stuff to sell, and there are companies -paying- people to amass it. If they have no way to do their thing, they'll have to stop.
  
  Having said that, short of shutting down all the servers, there's no way to stop it. Even having to start from scratch constantly, they'll still make enough money to keep going and hopefully outlast Blizzard's fury. Blizzard can't afford to hire enough people to police this well enough to stop it.
  
  --
  "If you make people think they're thinking, they'll love you; But if you really make them think, they'll hate you." - DM
4. Re:A cold day in Hell.. by voice_of_all_reason · 2007-04-05 01:59 · Score: 2, Interesting
  
  You would have to prove the gold/item trading companies were complicit in any of that. It hasn't worked for online auctions, search engines or ISPs, I don't see why it would work here. They say "we are a medium - it's not our job to investigate every sale for crime. You're the police, you do it."
5. Re:A cold day in Hell.. by MyIS · 2007-04-05 02:18 · Score: 4, Insightful
  
  Ah, history is full of examples how making something illegal completely eliminates it. *rolls eyes* More laws make more criminals, and if Blizzard came down on this, they would only drive this arms-race to higher levels. *OR* they could cash in on this (first and foremost), and also improve the game so that IT ISN'T A FRICKEN SECOND JOB!
  
  See, this is why I quit WoW - the fact that 90% of the time one has to "farm" or wait for a raid to assemble, or dully point their running character along some path across the map. I paid them money to escape the daily grind, and look what happened - I got into an even more boring grind. And, of course, there is no way to escape that grind either, because that's the only way to even get to the "fun" 10% of the game.
  
  If Blizzard made the game actually *fun* to play almost all the time, then noone would see the incentive to pay someone else to get through the boring stuff! And voila, no gold-farmers, no hacking accounts, no Slashdot story.
  
  --
  http://zero-to-enterprise.blogspot.com/
6. Re:A cold day in Hell.. by Impy+the+Impiuos+Imp · 2007-04-05 02:50 · Score: 2, Interesting
  
  Actually, that got so irritating with pawn shops that many states require pawn shops to record serial number and seller names of any items they take in.
  
  So yes, playing too dumb can bring the law down on you whether you like it or not.
  
  --
  (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
7. Re:A cold day in Hell.. by MBGMorden · 2007-04-05 02:58 · Score: 3, Informative
  
  If Blizzard made the game actually *fun* to play almost all the time, then noone would see the incentive to pay someone else to get through the boring stuff! And voila, no gold-farmers, no hacking accounts, no Slashdot story. Yep, and they'd lose a lot of paying customers shortly afterwards. Here's the rub with games like WoW: they're largely a pissing contest where people like to gloat about how much better stats they have, how much better their gear is, how high their tradeskills are, etc. (and this is coming from someone who actually does play the game quite regularly).
  
  If they took out the grind, the coveted "status" that so many either love to maintain, or love to strive for, vanishes. Everybody is left with just the game for the game's sake, which while arguably the way it "should be" won't work for WoW because the game engine itself isn't the most interesting thing in the world.
  
  That's mainly why all the gear in TBC was so overpowered compared to the original campaign. People were finally getting to the point where many realized they were NEVER gonna make it into BWL, much less Naxx, and starting to lose interest. They gave them some major gear upgrades so that they can feel like "wow, I'm a badass - this stuff blows away the gear I saw those raiding guys walking around with a few weeks ago". Then they get back on the treadmill to try and reach that status again. Stupid, but if you take away the treadmill a lot of them will see no point.
  
  --
  "People who think they know everything are very annoying to those of us who do."-Mark Twain
8. Re:A cold day in Hell.. by snarlydwarf · 2007-04-05 03:22 · Score: 2, Insightful
  
  And I hope you have ID to match that. Again, in many states, ID is required.
  
  Business Watch International (see BWIPOLICE.COM, for example) maintain database servers for pawn transactions and many municipalities are changing their laws to require pawn shops report their transactions electronically. (Here in the Eugene, Oregon area, for example, that is now the law. Not paper pawn slips for the police to wade through, but databases they have live access to.)
  
  Of course, it could even be argued that these sorts of laws protect pawn shops from being charged with "Receiving Stolen Goods" as well as the loss associated with paying for an item that is taken by police after it is determined to be stolen.
  
  The reason, though, this doesn't apply online is because the law regarding virtual goods is nebulous. Does The Sword of Death have a value? If no, then what is the crime? If yes, then why is getting it as a drop not considered taxable income?
9. Re:A cold day in Hell.. by Senjutsu · 2007-04-05 05:56 · Score: 2, Insightful
  
  By you're logic, it's legal for me to sell someone the Brooklyn bridge. After all, New York still owns it after I'm done, so where's the crime?
10. Re:A cold day in Hell.. by dknj · 2007-04-05 07:07 · Score: 2, Interesting
  
  To: Graff
  From: BlizzardAnnouncement@blizzard.com
  Reply-To: BlizzardSupport@b1izzard.com
  Subject: Blizzard can no longer find your stored password
  
  Dear World of Warcraft User,
  
  We are unable to find your stored password. As you know, you should only have to input your username and password once to connect to our WoW servers from your gaming machine. Unfortunately, it would appear that you have done one of the following:
  
  - Reinstalled Windows or erased a critical part of World of Warcraft
  - Allowed your system to be compromised
  - Are playing World of Warcraft from a guest computer (eg. Internet Cafe, etc)
  
  To resolve this problem, simply respond to this email with your initial full name, telephone number, username, password, and last 4 digits of your credit card that you used to sign up. A Blizzard support representative will contact you within the next 48 hours to ensure your system is free of malware and verifies your identity.
  
  We are extremely sorry for any inconvenience this may have caused you and we will credit your account with a free month of service upon reactivation.
  
  Thank you for choosing Blizzard
  
  Blizzard Support
  BlizzardSupport@b1izzard.com
Re:Soulbind Gold? by FredDC · 2007-04-05 01:39 · Score: 3, Insightful

That would render the wow economy useless... You would only be able to buy from npc's and not from other players.

--
09 f9 11 02 9d 74 e3 5b d8 41 56 c5 63
Awflly big brush you're tarring with... by g051051 · 2007-04-05 01:41 · Score: 2, Insightful

While I'm no fan of gold farmers and in-game currency traders, is there any evidence to justify naming IGE in that addendum? What justifies that?
1. Re:Awflly big brush you're tarring with... by pslam · 2007-04-05 01:49 · Score: 5, Informative
  
  While I'm no fan of gold farmers and in-game currency traders, is there any evidence to justify naming IGE in that addendum? What justifies that?
  Why, you could click on their web page and note the tagline "IGE, Buy WOW Gold, World of Warcraft Gold, FFXI Gil, Final Fantasy XI Gil, Lineage 2 Adena". These guys are assholes and proud of it. They don't deserve apologists.
  Maybe I should also dig up the evidence that in the past they were involved in authoring trojans...
Warning for players upon startup by Sciros · 2007-04-05 01:46 · Score: 2, Interesting

Is there some sort of big warning popup in WoW for players as they start the game up? (prior to entering a username/password)? I know that Guild Wars has special "news items" alongside the login form that you can read without having to actually log into your account. It would be cool if Blizzard (heck, and ArenaNet) had a giant warning that came up for the next few days informing people of this issue and of the upcoming fix from MS (or am I confusing my vulnerabilities/fixes here?...). That might help folks out perhaps.

--
I like basketball!!1!
Re:Soulbind Gold? by kalirion · 2007-04-05 01:47 · Score: 3, Funny

Well, if you could un-soulbind it, then that would probably be a good idea. Also, if you wanted to get rid of some sole binded gold, you could just buy an item, and then sell the item to another character.

Great, so now only someone who has access to my account can steal my gold and items! That solves everything!
Re:Soulbind Gold? by Das+Modell · 2007-04-05 01:49 · Score: 2

Almost all equipment in WoW becomes soulbound when equipped. Some items become soulbound when you pick them up. I would imagine that account hackers just sell these items to NPC vendors.
OMFG! What about my Slashdot Account? by Culture · 2007-04-05 02:05 · Score: 4, Funny

I just hope no one ever figures out a way to do this with Slashdot accounts. If WoW accounts are more valuable than credit cards, then Slashdot accounts must be more valuable than, I guess, say Dilithium Crystals or Ewok slaves. I think I have finally going to have to upgrade to Windows98 from Windows95. It probably is mature enough at this point.

--
----- There are two kinds of people in this world, my friend; those with loaded guns, and those who dig.
Preferred MS patch procedure by RealErmine · 2007-04-05 02:15 · Score: 2, Funny

What Microsoft should have done, instead of investing significant amounts of its own resources into the security patch, was tether a huge, yellow exclamation point over the Redmond campus. Wayward WoW players would be inexorably drawn to it where they would find a Non-payroll Personnel Coordinator (NPC) who would relate to them the details of the bug and why it needs to be fixed. Harvesting the collective zeal of the WoW community in such a fashion, the solution to the issue would have been presented to Microsoft promptly and at little expense. Patch notes could even be copied and pasted directly from the resulting Wowwiki page.

Incidentally, I plan to use a similar process to reduce the amount of manual labor around the home.

--
Dewey, you fool! Your decimal system has played right into my hands!
Re:Oh darn... I use FreeBSD + WINE to play WoW... by jimstapleton · 2007-04-05 02:22 · Score: 2

Sure...

Many games I play in WINE lack the bugs they have in windows.

Ex: Due to DirectX errors, Master of Orion 3 is virtually unplayable in Windows, where as it's flawless in WINE.

Also, WINE isn't involved in my web browsing or email.

--
34486853790
Connection too slow for X forwarding? Try "ssh -CX user@host"
Re:Soulbind Gold? by Fozzyuw · 2007-04-05 02:32 · Score: 3, Interesting

Don't WoW players have the option of "soulbinding" their gold and other items, so that only their own character can use them? This would seem to be the easiest fix for the problem of account hacking.

Soulbinding is for items only, which can still be (rare cases, not withstanding) sold to the vendor for gold. Gold cannot be soulbound. Which is why, on hacked accounts, the person is left naked and pennyless. Everything in liquidated into gold and the gold is transferred to another.

However, that is really a interesting idea. How would a game economy handle the idea of no inter -player trade? I would find that an interesting concept to test out. The game would have to be designed where 'all players are equal' in a sort. Everyone could craft any item (or require that you can only get crafted items from NPC vendors). Killing a monster and looting would give full value of money and items to everyone. (A monster drops 10 gold and all 5 players who killed it get 10 gold each. as well as a copy of the weapon or armour it dropped). Heck, a monster would no longer even NEED to drop items. They can just drop money and (as WoW is turning too) special tokens which can be exchanged for items at the high-end.

It would remove an 'economy', for whatever a virtual economy is worth (as technically, everything is limitless). Though I know a lot of people like the idea of 'trade' (I'm one of them), the real question is, does a 'game' really need it? I guess this is close to how Guild Wars works when you only play with NPCs. All items dropped are given to you and gold is reduced by the number of NPC party members. While some items can be dropped from monsters that you use, often find that armour is crafted for you by NPCs who require crafting materials you salvage from item drops and some gold. In essence, it's kind of like only getting gold from monsters.

Do so, does take something away from the 'feel' of the game, but it also can add to the 'work' of the game and I often find this adds to my own 'burning out'. Tough choice, but I like the idea and would like to see how people reacted to a game once they've played it fully.

Cheers,
Fozzy

--
"The past was erased, the erasure was forgotten, the lie became truth." ~1984 George Orwell
Re:Soulbind Gold? by pslam · 2007-04-05 02:58 · Score: 2, Informative

There are ways around this. A common trick used to exchange gold cross-faction (not involving gold sellers at all) is to stick a "plain letter" (a very cheap item) on the cross-faction auction house for the amount of gold you want. The player on the other faction then buys it.
Same applies to same-faction trading. In order to really stop gold changing hands, you would need to remove the auction houses. It would also render a lot of the profession system useless because you couldn't do enchants/crafting and get a fee.
Have you played WoW?
Re:Simple Solution by NewbieProgrammerMan · 2007-04-05 04:46 · Score: 2, Insightful

It would be nice if there was some equivalent to the "rested XP" bonus once you've reached max level; some benefit that casual gamers would receive for not being online all the time. I'm sure the hard-core people would whine about it, but I doubt many of them would quit over it (as long as it wasn't some outrageous benefit).

--
[b.belong('us') for b in bases if b.owner() == 'you']
Re:Soulbind Gold? by jchenx · 2007-04-05 06:28 · Score: 2, Insightful

It amazes me the "infield fly rules" these games create just to prevent them from being like reality. It's bad enough a guy with no fighting training and no armor can stand there waving his hands while a huge guy with a sword beats on him unopposed. But this is "balance", i.e. melee wimps, casters much tougher than they actually are (not damage they do, but that they take. You can't avoid flinching when someone waves a hand in your face, much less a sword, much less hits you with a sword -- yet you can't wear armor because it interferes with these "delicate hand movements". Sheesh.)
I know this is off-topic, but I can't resist. Other MMORPGs have tried being more realistic. Guess what ... they're not as fun!

If you're truly looking for something closer to reality, then perhaps you should check out LARPing ...

--
-- jchenx